Bug 52616

Summary:	SSLUserName uses SSL_CLIENT_S_DN insted of SSL_CLIENT_S_DN_CN (or any x509)
Product:	Apache httpd-2	Reporter:	m-one
Component:	mod_ssl	Assignee:	Apache HTTPD Bugs Mailing List <bugs>
Status:	REOPENED ---
Severity:	enhancement	CC:	apachebz
Priority:	P2
Version:	2.2.16
Target Milestone:	---
Hardware:	PC
OS:	Linux

Description m-one 2012-02-07 06:14:59 UTC

I've trouble using SSL_CLIENT_S_DN_CN in SSLUserName with FakeBasicAuth.

My apache config:

<Location /repos>
    SSLOptions +FakeBasicAuth +StdEnvVars
    SSLUserName SSL_CLIENT_S_DN_CN
    AuthName "Restricted area"
    AuthType Basic
    AuthUserFile /etc/apache2/fakeauth.passwd
    require valid-user
</Location>

In this case SSL_CLIENT_S_DN_CN equals SSL_CLIENT_S_DN. I've used patch http://reki.ru/products/subversion/patch-server-ssl_engine_kernel.c which correct this behaviour to the right way.

Comment 1 Ruediger Pluem 2012-02-07 12:51:38 UTC

At best this is a missing feature as the documentation (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslusername) clearly states that SSLUserName and FakeBasicAuth do not work in conjunction.

Comment 2 Graham Leggett 2013-01-12 11:28:18 UTC

Fixed in httpd-trunk r1432322, proposed for backport to v2.4.

Comment 3 Graham Leggett 2013-03-17 16:07:56 UTC

Alternative fix in trunk as follows:

http://svn.apache.org/viewvc?view=revision&revision=r1457437
http://svn.apache.org/viewvc?view=revision&revision=r1457450
http://svn.apache.org/viewvc?view=revision&revision=r1457471